<!DOCTYPE html>
<html lang="en">
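  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <!-- NOTE(review): this document declares no Content-Security-Policy. If the host can set
         response headers, deliver one there; the page uses inline style attributes and loads
         jQuery from ajax.googleapis.com, so a policy has to account for both. -->
    <link rel="shortcut icon" href="assets/ico/favicon.ico">

    <link rel="icon" type="image/png" href="assets/favicons/favicon-196x196.png" sizes="196x196">
    <link rel="icon" type="image/png" href="assets/favicons/favicon-96x96.png" sizes="96x96">
    <link rel="icon" type="image/png" href="assets/favicons/favicon-32x32.png" sizes="32x32">
    <link rel="icon" type="image/png" href="assets/favicons/favicon-16x16.png" sizes="16x16">
    <link rel="icon" type="image/png" href="assets/favicons/favicon-128.png" sizes="128x128">

    <title>TheHive Project</title>
    <meta name="description" content="Scalable, Open Source Security Incident Response Solutions designed for SOCs &amp; CERTs to collaborate, elaborate, analyze and get their job done.">
    <meta name="keywords" content="SOC,CERT,CSIRT,Observables,Indicator,IOC,MISP,Malware Information Sharing Platform,Collaboration,Team,Open Source,FOSS,Security Operations Center,Malware,Threat,Platform,Software,Investigation,Insight,Triage,AGPL,Analyst,Data,Statistics">
    <meta name="robots" content="index, follow">
    <meta name="revisit-after" content="3 month">

    <!-- Open Graph preview metadata -->
    <meta property="og:title" content="TheHive Project">
    <meta property="og:description" content="Scalable, Open Source Security Incident Response Solutions designed for SOCs &amp; CERTs to collaborate, elaborate, analyze and get their job done">
    <meta property="og:type" content="website">
    <meta property="og:url" content="https://www.thehive-project.org">
    <meta property="og:image" content="https://www.thehive-project.org/img/preview.png">
    <meta property="og:locale" content="en_US">

    <!-- Twitter card metadata. twitter:card takes a card type token, not free text;
         the descriptive sentence belongs in twitter:description below. -->
    <meta name="twitter:card" content="summary">
    <meta name="twitter:title" content="TheHive Project">
    <meta name="twitter:description" content="Scalable, Open Source Incident Response Solutions designed for SOCs &amp; CERTs to collaborate, elaborate, analyze and get their job done">
    <meta name="twitter:creator" content="@TheHive_Project">
    <meta name="twitter:url" content="https://www.thehive-project.org">
    <meta name="twitter:image" content="https://www.thehive-project.org/img/preview.png">

    <!-- CSS Plugins (served from this site) -->
    <link rel="stylesheet" href="assets/plugins/ionicons/css/ionicons.min.css">

    <!-- CSS Global (served from this site) -->
    <link rel="stylesheet" href="assets/css/theme.css">

  </head>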
  <body class="no-settings" data-spy="scroll" data-target="#navbar_main" data-offset="80">

    <!-- PRELOADER
    ================================================== -->
    <!-- Loading overlay holding only the spinner image.
         NOTE(review): presumably dismissed by the theme scripts loaded at the end of the body;
         confirm the page stays usable if those scripts fail to load. -->
    <div class="preloader">
      <img class="preloader__spinner" src="assets/img/spinner.svg" alt="Loading...">
    </div>

    <!-- NAVBAR
    ================================================== -->
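    <nav class="navbar navbar-fixed-top navbar-default">
      <div class="container">

        <!-- Brand name and the collapse toggle shown on narrow screens -->
        <div class="navbar-header">
          <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar_main" aria-expanded="false" aria-controls="navbar_main">
            <span class="sr-only">Toggle navigation</span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>
          <a class="navbar-brand" href="#">TheHive Project</a>
        </div>

        <!-- In-page section links; only the blog leaves this page -->
        <div class="collapse navbar-collapse" id="navbar_main">

          <ul class="nav navbar-nav navbar-right">
            <li><a href="#section_thehive">TheHive</a></li>
            <li><a href="#section_cortex">Cortex</a></li>
            <li><a href="#section_hippocampe">Hippocampe</a></li>
            <li><a href="#section_thehive4py">TheHive4Py</a></li>
            <li><a href="#section_team">Who we are</a></li>
            <li><a href="#section_contact">Support</a></li>
            <!-- Opens in a new tab: rel="noopener" keeps the opened page from receiving a
                 window.opener handle to this one; noreferrer covers browsers that predate it. -->
            <li><a href="https://blog.thehive-project.org/" target="_blank" rel="noopener noreferrer">Blog</a></li>
          </ul>

        </div><!-- /.navbar-collapse -->
      </div><!-- /.container -->
    </nav>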

    <!-- BANNER
    ================================================== -->
    <section class="section_banner" id="section_banner">

      <!-- Background image source, read from the data-images attribute -->
      <div class="banner__carousel__img" data-images="assets/img/bg.003.png">
      </div>

      <div class="container">
        <div class="row">
          <div class="col-sm-12">

            <!-- Headline, tagline and call to action; the animate-xs-step-N classes order them -->
            <h1 class="h0 page-header text-white text-center animate-down animate-xs-step-0">
              <span>Security incident response</span> for the masses
            </h1>
            <p class="page-subheader text-white-muted text-center animate-down animate-xs-step-1">
              Scalable, Open Source and Free Solutions
            </p>
            <div class="text-center">
              <a class="btn btn-primary animate-down animate-xs-step-2" href="#section_thehive">
                Find out more
              </a>
            </div>

          </div>
        </div> <!-- / .row -->
      </div> <!-- / .container -->

    </section>

    <!-- THEHIVE
    ================================================== -->
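    <section class="section_features" id="section_thehive">
      <div class="container">
        <div class="row">
          <div class="col-xs-12">
            <div class="text-center">
              <img src="assets/img/logos/thehive.svg" alt="TheHive" style="height:100px">
            </div>

            <h2 class="page-header text-center">
              A 3-in-1 Security Incident Response Platform
            </h2>

            <p class="page-subheader text-center">
              A scalable open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.
            </p>

            <!-- External links open in a new tab: rel="noopener" keeps the opened page from
                 receiving a window.opener handle to this one; noreferrer covers older browsers. -->
            <div class="page-subheader text-center">
              <a href="https://github.com/CERT-BDF/TheHive" target="_blank" rel="noopener noreferrer" class="btn btn-primary animate-down animate-xs-step-2">
                Github
              </a>
              <a href="https://github.com/CERT-BDF/TheHiveDocs" target="_blank" rel="noopener noreferrer" class="btn btn-primary animate-down animate-xs-step-2">
                Documentation
              </a>
            </div>

          </div>
        </div> <!-- / .row -->
        <!-- Three feature cards: Collaborate, Elaborate, Analyze -->
        <div class="row">
          <div class="col-sm-4">

            <div class="features__item animate-sm-step-0" data-animate="animate-up">
              <div class="features__item__icon">
                <i class="ion-android-laptop"></i>
              </div>
              <h3 class="features__item__heading">
                Collaborate
              </h3>
              <div class="features__item__body text-justify">
                Multiple SOC and CERT analysts can simultaneously collaborate on investigations. Thanks to the built-in live stream, real time information pertaining to new or existing cases, tasks, observables and IOCs is available to all team members. Special notifications allow them to handle or assign new tasks, preview new MISP events, SIEM alerts, email reports, import them and investigate them right away.
              </div>
            </div>

          </div>
          <div class="col-sm-4">

            <div class="features__item animate-sm-step-1" data-animate="animate-up">
              <div class="features__item__icon">
                <i class="ion-android-options"></i>
              </div>
              <h3 class="features__item__heading">
                Elaborate
              </h3>
              <div class="features__item__body text-justify">
                Cases and associated tasks can be created using a simple yet powerful template engine. You may add metrics to your templates to drive your team's activity, identify the type of investigations that take significant time and seek to automate tedious tasks. Each task can have multiple work logs to record the ongoing work, attach pieces of evidence or noteworthy files.
              </div>
            </div>

          </div>
          <div class="col-sm-4">

            <div class="features__item animate-sm-step-2" data-animate="animate-up">
              <div class="features__item__icon">
                <i class="ion-gear-a"></i>
              </div>
              <h3 class="features__item__heading">
                Analyze
              </h3>
              <div class="features__item__body text-justify">
                Add one, hundreds or thousands of observables to each case that you create or import them directly from a MISP event. Quickly triage and filter them. Harness the power of Cortex and its analyzers to gain precious insight and speed up your investigation. Leverage tags, flag IOCs, and identify previously seen observables to feed your threat intelligence. Once investigations are completed, export IOCs to one or several MISP instances.
              </div>
            </div>

          </div>
        </div> <!-- / .row -->
      </div> <!-- / .container -->
    </section>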


    <!-- CORTEX
    ================================================== -->
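    <section class="section_features section_alt" id="section_cortex">
      <div class="container">
        <div class="row">
          <div class="col-xs-12">
            <div class="text-center">
              <img src="assets/img/logos/cortex.svg" alt="Cortex" style="height:100px">
            </div>
            <h2 class="page-header text-center">
              Powerful Observable Analysis Engine
            </h2>

            <p class="page-subheader text-center">
              Thanks to Cortex, observables such as IP and email addresses, URLs, domain names, files or hashes can be analyzed one by one using a Web interface. Analysts can also automate these operations and submit observables in bulk mode through the Cortex REST API from alternative SIRP platforms, custom scripts or MISP.
            </p>

            <!-- External links open in a new tab: rel="noopener" keeps the opened page from
                 receiving a window.opener handle to this one; noreferrer covers older browsers. -->
            <div class="page-subheader text-center">
              <a href="https://github.com/CERT-BDF/Cortex" target="_blank" rel="noopener noreferrer" class="btn btn-primary animate-down animate-xs-step-2">
                Github
              </a>
              <a href="https://github.com/CERT-BDF/CortexDocs" target="_blank" rel="noopener noreferrer" class="btn btn-primary animate-down animate-xs-step-2">
                Documentation
              </a>
            </div>

          </div>
        </div> <!-- / .row -->
        <!-- Three feature cards: Write, Run, Execute -->
        <div class="row">
          <div class="col-sm-4">

            <div class="features__item animate-sm-step-0" data-animate="animate-up">
              <div class="features__item__icon">
                <i class="ion-compose"></i>
              </div>
              <h3 class="features__item__heading">
                Write
              </h3>
              <div class="features__item__body text-justify">
                By using Cortex, you won't need to rewrite the wheel every time you'd like to use a service or a tool to analyze an observable and help you investigate the case at hand. Leverage one of the several analyzers it contains or create your own using any programming language supported by Linux and make it available to the whole team or, better, to the whole community. You can also query MISP expansion modules from Cortex.
              </div>
            </div>

          </div>
          <div class="col-sm-4">

            <div class="features__item animate-sm-step-1" data-animate="animate-up">
              <div class="features__item__icon">
                <i class="ion-gear-b"></i>
              </div>
              <h3 class="features__item__heading">
                Run
              </h3>
              <div class="features__item__body text-justify">
                Cortex is the perfect companion for TheHive. TheHive can connect to one or multiple Cortex instances and with a few clicks you can analyze tens if not hundreds of observables at once. Using TheHive's report engine, it's easy to parse Cortex output and display it the way you want. You can also use Cortex as a standalone product thanks to its simple yet powerful Web UI or interface it with other security incident response platforms through a REST API.
              </div>
            </div>

          </div>
          <div class="col-sm-4">

            <div class="features__item animate-sm-step-2" data-animate="animate-up">
              <div class="features__item__icon">
                <i class="ion-flash"></i>
              </div>
              <h3 class="features__item__heading">
                Execute
              </h3>
              <div class="features__item__body text-justify">
                Cortex comes with tens of analyzers for popular services such as VirusTotal, DomainTools, PassiveTotal, Google Safe Browsing, PhishTank, MaxMind, or Open Threat Exchange. Identify abuse contacts, parse files in several formats such as OLE and OpenXML to detect VBA macros, generate useful information on PE, PDF files and much more. Cortex analyzers can also be queried from MISP to enrich events and improve visibility of an incident to speed up and extend the coverage of your investigations.
              </div>
            </div>

          </div>
        </div> <!-- / .row -->
      </div> <!-- / .container -->
    </section>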


    <!-- HIPPOCAMPE
    ================================================== -->
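    <section class="section_features" id="section_hippocampe">
      <div class="container">
        <div class="row">
          <div class="col-xs-12">
            <div class="text-center">
              <img src="assets/img/logos/hippocampe.png" alt="Hippocampe" style="height:100px">
            </div>
            <h2 class="page-header text-center">
              A simple, efficient, threat feed aggregator that you can query easily
            </h2>

            <p class="page-subheader text-center">
              Hippocampe gives your organisation a threat feed 'memory' and lets you query it easily through a REST API or a Web UI.
            </p>

            <!-- External links open in a new tab: rel="noopener" keeps the opened page from
                 receiving a window.opener handle to this one; noreferrer covers older browsers. -->
            <div class="page-subheader text-center">
              <a href="https://github.com/CERT-BDF/Hippocampe" target="_blank" rel="noopener noreferrer" class="btn btn-primary animate-down animate-xs-step-2">
                Github
              </a>
              <a href="https://github.com/CERT-BDF/Hippocampe/wiki" target="_blank" rel="noopener noreferrer" class="btn btn-primary animate-down animate-xs-step-2">
                Documentation
              </a>
            </div>

          </div>
        </div> <!-- / .row -->
        <!-- Three feature cards: Gather, Query, Assess -->
        <div class="row">
          <div class="col-sm-4">

            <div class="features__item animate-sm-step-0" data-animate="animate-up">
              <div class="features__item__icon">
                <i class="ion-funnel"></i>
              </div>
              <h3 class="features__item__heading">
                Gather
              </h3>
              <div class="features__item__body text-justify">
                Hippocampe regularly downloads and parses text-based threat feeds, public or private, from the Internet and stores them in Elasticsearch. Hassle-free. You can also supervise these operations and the data freshness.
              </div>
            </div>

          </div>
          <div class="col-sm-4">

            <div class="features__item animate-sm-step-1" data-animate="animate-up">
              <div class="features__item__icon">
                <i class="ion-android-search"></i>
              </div>
              <h3 class="features__item__heading">
                Query
              </h3>
              <div class="features__item__body text-justify">
                Use the Cortex analyzers we have created to take advantage of Hippocampe’s REST API. And if you use TheHive, the results are clearly displayed thanks to the report template that we kindly provide. Alternatively, you can use the Web UI to efficiently and quickly search IP addresses, URLs and domain names in the indexed feeds.
              </div>
            </div>

          </div>
          <div class="col-sm-4">

            <div class="features__item animate-sm-step-2" data-animate="animate-up">
              <div class="features__item__icon">
                <i class="ion-android-locate"></i>
              </div>
              <h3 class="features__item__heading">
                Assess
              </h3>
              <div class="features__item__body text-justify">
                Hippocampe allows analysts to configure a confidence level for each feed that can be changed over time and when queried, it will provide Hipposcore, a score that aids in deciding whether the observables are innocuous or rather malicious.
              </div>
            </div>

          </div>
        </div> <!-- / .row -->
      </div> <!-- / .container -->
    </section>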


    <!-- THEHIVE4PY
    ================================================== -->
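    <section class="section_features section_alt" id="section_thehive4py">
      <div class="container">
        <div class="row">
          <div class="col-xs-12">
            <h2 class="page-header text-center">
              <span>TheHive4Py</span>
            </h2>

            <p class="page-subheader text-center">
              A Python API client for TheHive.
            </p>

            <!-- External link opens in a new tab: rel="noopener" keeps the opened page from
                 receiving a window.opener handle to this one; noreferrer covers older browsers. -->
            <div class="page-subheader text-center">
              <a href="https://github.com/CERT-BDF/TheHive4py" target="_blank" rel="noopener noreferrer" class="btn btn-primary animate-down animate-xs-step-2">
                Github
              </a>
            </div>

          </div>
        </div> <!-- / .row -->
        <div class="row">
          <div class="col-sm-12">

            <!-- Worked example of the mailbox-to-alert workflow -->
            <div class="features__item animate-sm-step-0" data-animate="animate-up">
              <div class="features__item__body text-justify">
                TheHive4py allows analysts to create cases out of different sources such as email or a SIEM. For example, a SOC may ask its constituency to send suspicious email reports to a specific mailbox that a script polls at regular intervals. When a new email is received, the script parses it then calls TheHive4py to send an alert to TheHive. Analysts can then preview the alert and if deemed interesting, they can import it as a case and start working on it collaboratively thanks to TheHive's live stream.
              </div>
            </div>

          </div>

        </div> <!-- / .row -->
      </div> <!-- / .container -->
    </section>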

    <!-- TEAM
    ================================================== -->
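    <section class="section_team section_alt" id="section_team">
      <div class="container">
        <div class="row">
          <div class="col-xs-12">

            <h2 class="page-header text-center">
              They've <span>made</span> it possible
            </h2>

            <p class="page-subheader text-center">
              A team of hard-working enthusiastic people who helped this project come to life.
            </p>

          </div>
        </div> <!-- / .row -->
        <!-- First row of team cards -->
        <div class="row">
            <div class="col-md-4 col-sm-12">
              <div class="team__item animate-sm-step-2" data-animate="animate-up">
                <div class="team__item__img">
                  <img src="assets/img/team/5.jpg" class="img-responsive" alt="Nabil Adouani">
                </div>
                <div class="team__item__footer">
                  <h3 class="team__item__footer__heading">
                    Nabil Adouani
                  </h3>
                  <div class="team__item__footer__content">
                    Nabil is a creative and seasoned coder who developed a true passion for beauty. He recognizes it whenever he sees it, unless, lo and behold, it takes the form of Scala code. He digs designing highly usable Web applications that do not resemble your grandpa’s. During his spare time, he searches for methods to cram more hours than humanly possible into a day. His attempts have been an epic failure so far.
                  </div>
                </div>
              </div>
            </div>

            <div class="col-md-4 col-sm-12">

              <div class="team__item animate-sm-step-1" data-animate="animate-up">
                <div class="team__item__img">
                  <img src="assets/img/team/2.jpg" class="img-responsive" alt="Thomas Franco">
                </div>
                <div class="team__item__footer">
                  <h3 class="team__item__footer__heading">
                    Thomas Franco
                  </h3>
                  <div class="team__item__footer__content">
                    Thomas is a zen master who loves honeybees and locally-grown software. When he is tired of minding his garden and feeding the chickens in his backyard, he spends hours reading about programming arcanes. During the day, he wears the hat of a highly-skilled security engineer while at night he writes software poetry using functional programming languages. He sometimes understands his own thoughts.
                  </div>
                </div>
              </div> <!-- / .team__item -->

            </div>

            <div class="col-md-4 col-sm-12">

              <div class="team__item animate-sm-step-0" data-animate="animate-up">
                <div class="team__item__img">
                  <img src="assets/img/team/1.jpg" class="img-responsive" alt="Saâd Kadhi">
                </div>
                <div class="team__item__footer">
                  <h3 class="team__item__footer__heading">
                    Saâd Kadhi
                  </h3>
                  <div class="team__item__footer__content">
                    Saâd is a convinced archeofuturist and a true retromodernist with a serious knack for individualistic altruism. TheHive, Cortex and Hippocampe are his brainchildren. He has been working in information security since forever (well, almost). He discovered Incident Response a decade ago and developed a passion for it. He currently leads a large CERT at a reputable financial institution.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                  </div>
                </div>
              </div> <!-- / .team__item -->

            </div>
        </div>

        <!-- Second row of team cards, offset to centre the two columns -->
        <div class="row">
          <div class="col-md-offset-2 col-md-4 col-sm-12">
            <div class="team__item animate-sm-step-2" data-animate="animate-up">
              <div class="team__item__img">
                <!-- alt text spelled the same way as the card heading below -->
                <img src="assets/img/team/3.jpg" class="img-responsive" alt="Jérôme Leonard">
              </div>
              <div class="team__item__footer">
                <h3 class="team__item__footer__heading">
                  Jérôme Leonard
                </h3>
                <div class="team__item__footer__content">
                  Jérôme lives near some of the best vineyards in France if not in the world. He enjoys climbing rocks and walls and watching highly-rated films such as La Classe Américaine over and over again. He also studies the dark arts of shamanism to be able to identify the attacker just by looking at two letters of a domain name. No wonder he is a very sharp security analyst or whatever they call them these days.
                </div>
              </div>
            </div>
          </div>

          <div class="col-md-4 col-sm-12">
            <div class="team__item animate-sm-step-2" data-animate="animate-up">
              <div class="team__item__img">
                <img src="assets/img/team/4.jpg" class="img-responsive" alt="Danni Co">
              </div>
              <div class="team__item__footer">
                <h3 class="team__item__footer__heading">
                  Danni Co
                </h3>
                <div class="team__item__footer__content">
                  Danni is the youngest member of the team. He does not know how a 56k modem sounds and was not even born when the IP over Avian Carriers standard was written. He developed Hippocampe independently with minimal supervision and proved that junior can go along with professional. Finally, he enjoys his youthfulness by working abroad from his home country as an incident handler.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                </div>
              </div>
            </div>
          </div>

        </div>
      </div>
    </section>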

    <!-- CONTACT
    ================================================== -->
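    <section class="section_features" id="section_contact">
      <div class="container">
        <div class="row">
          <div class="col-xs-12">
            <h2 class="page-header text-center">
              Get in touch <span>with us</span>
            </h2>

            <!-- Every link below leaves the site and opens in a new tab: rel="noopener" keeps the
                 opened page from receiving a window.opener handle to this one; noreferrer covers
                 older browsers and withholds the Referer header from the third-party hosts. -->
            <p class="page-subheader text-center">
              Please open an issue on GitHub if you'd like to report a bug or request a feature: <a href="https://github.com/CERT-BDF/TheHive/issues/new" target="_blank" rel="noopener noreferrer">TheHive</a>, <a href="https://github.com/CERT-BDF/Cortex/issues/new" target="_blank" rel="noopener noreferrer">Cortex</a>, <a href="https://github.com/CERT-BDF/Hippocampe/issues/new" target="_blank" rel="noopener noreferrer">Hippocampe</a>, <a href="https://github.com/CERT-BDF/Cortex-Analyzers/issues/new" target="_blank" rel="noopener noreferrer">Analyzers</a>, <a href="https://github.com/CERT-BDF/TheHive4py/issues/new" target="_blank" rel="noopener noreferrer">TheHive4py</a>. You can also subscribe to our <a href="https://groups.google.com/a/thehive-project.org/forum/#!forum/users" target="_blank" rel="noopener noreferrer">user forum</a> and join the conversation on <a href="https://gitter.im/TheHive-Project/TheHive" target="_blank" rel="noopener noreferrer">Gitter</a>.
            </p>

            <p class="page-subheader text-center">
              If you need to contact the project team, send an email to
              <a href="mailto:support@thehive-project.org">support@thehive-project.org</a>.
            </p>
          </div>
        </div> <!-- / .row -->
      </div> <!-- / .container -->
    </section>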


    <!-- FOOTER
    ================================================== -->
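    <footer class="section_footer">
      <div class="container">
        <div class="row">
          <div class="col-sm-9">

            <p class="footer__copyright">
              <span>2014-2017</span> &copy;  Thomas Franco, Saâd Kadhi, Jérôme Leonard.
            </p>
            <p class="footer__copyright">
                <small class="content credits">
                  <!-- The mailto scheme was written twice (once literally, once as character
                       references), which made the href unusable. It is now given once, kept as
                       character references like the rest of the address. -->
                  All photos except Danni’s have been taken by <a href="&#109;&#097;&#105;&#108;&#116;&#111;:&#112;&#104;&#111;&#116;&#111;&#115;&#064;&#103;&#111;&#104;&#105;&#101;&#114;&#046;&#102;&#114;">Alexandre Gohier</a>, a professional photographer. TheHive, Cortex and Hippocampe logos are the property of TheHive Project. They were designed by <a href="https://www.behance.net/sachagrellard" target="_blank" rel="noopener noreferrer">Sacha Grellard</a>.
                </small>
            </p>

          </div>
          <div class="col-sm-3">

            <!-- Icon-only links: aria-label supplies the accessible name, and rel="noopener
                 noreferrer" keeps the new tab from receiving a window.opener handle. -->
            <ul class="footer__social">
              <li>
                <a class="twitter" href="https://twitter.com/TheHive_Project" target="_blank" rel="noopener noreferrer" aria-label="TheHive Project on Twitter">
                  <i class="ion-social-twitter" aria-hidden="true"></i>
                </a>
              </li>
              <li>
                <a class="github" href="https://github.com/CERT-BDF/TheHive" target="_blank" rel="noopener noreferrer" aria-label="TheHive on GitHub">
                  <i class="ion-social-github" aria-hidden="true"></i>
                </a>
              </li>
            </ul>

          </div>
        </div> <!-- / .row -->
      </div> <!-- / .container -->
    </footer>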

    <!-- JAVASCRIPT
    ================================================== -->

    <!-- JS Global -->
    <!-- NOTE(review): this is the only script fetched from a third-party origin, and it is
         loaded without Subresource Integrity. Pin the exact file with
         integrity="sha384-<BASE64_DIGEST_OF_THE_PINNED_FILE>" crossorigin="anonymous"
         (placeholder: compute the digest from a copy you have verified), or serve a vetted
         copy from assets/ like the other scripts. jQuery 1.12.4 belongs to the 1.x line, which
         no longer receives fixes; plan an upgrade and retest the plugins below against it.
         Load order matters: Bootstrap's JS and the jquery.* plugins expect jQuery to be
         defined, so this tag stays first. -->
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
    <script src="assets/bootstrap/js/bootstrap.min.js"></script>

    <!-- JS Plugins -->
    <!-- NOTE(review): no form markup is visible on this page; confirm contact.js is still
         needed, since every script loaded here runs with the page's full privileges. -->
    <script src="assets/plugins/smoothscroll/smoothscroll.min.js"></script>
    <script src="assets/plugins/backstretch/jquery.backstretch.min.js"></script>
    <script src="assets/plugins/countTo/jquery.countTo.js"></script>
    <script src="assets/plugins/contact-form/contact.js"></script>
    <script src="assets/plugins/waypoints/jquery.waypoints.min.js"></script>

    <!-- JS Custom -->
    <!-- Site-specific scripts, loaded after the libraries and plugins above. -->
    <script src="assets/js/theme.js"></script>
    <script src="assets/js/custom.js"></script>

  </body>
</html>
